[Cryptography] What ever happened to end-to-end email encryption?

Phillip Hallam-Baker phill at hallambaker.com
Mon Aug 23 01:16:45 EDT 2021


On Sun, Aug 22, 2021 at 9:35 PM Jeffrey Goldberg <jeffrey at goldmark.org>
wrote:

> On Aug 20, 2021, at 7:31 PM, R Perlman <radiajpc at gmail.com> wrote:
> >
> > The usability issues were not worked out. How would a user obtain a
> public key? How would a user get a certificate? How would a user know the
> public key of someone they are receiving from/sending to?
>
> I was a huge advocate of PGP back in the 90s where I was postmaster at a
> post graduate engineering university in the UK. I was extremely well
> positioned to teach and support the use of PGP. (Well, other than the fact
> that as a US citizen, I couldn’t legally make PGP available to those in the
> UK, but that is another story.)
>
> One of the reasons for my  bring pretty good privacy to the masses is that
> for people to use it safely they needed to understand the distinction
> between trusting an identity and “trusting as an introducer.” Sure
> individuals are smart enough to understand that distinction if motivated
> to, but it is a lot to ask from users. UI can help, but it can’t make that
> problem go away.
>
> As much as we all hate the system of CAs out there, it is enormously
> better for users than the web of trust. This brings us to S/MIME. Getting a
> proper S/MIME certificate for most people requires that they generate a CSR.
> UI can help, but it is also a really big ask conceptually. Website
> certificates work because users only have to deal with the (much improved
> in recent years) browser warnings. Only the site administrators have to
> deal with CSRs and renewals. S/MIME puts that sort of burden on the user.
>

People can complain all they like but fact is, the WebPKI worked and none
of the other proposals made at the time did. DNSSEC is the only scheme that
has kinda, sorta seen deployment but nothing bad would happen if it was
simply switched off tomorrow which is a way of saying, it ain't protecting
anything of consequence.

I am damn proud of the fact that I helped deploy a PKI people use every
day that is still the basis of securing Internet commerce and continues to
perform within its design parameters 25 years later. Oh and no, it is not
true just anyone can set up as a CA. There is quite a process and I had a
hand in making that happen.

The problem I have with the CA system is that I could never work out how to
scale it to issue certs to people as opposed to employees inside an
organization. S/MIME failed in large part because it is only usable in
organizations the size and scale of the US government or NATO. It doesn't
work at individual scale. Nor does the Web o' Trust.


Hence my proposal for the callsign infrastructure described in the other
post.

The realization I came to was that the only way that you can make broad
scale PKI work is on a direct trust model. This is what PGP has degenerated
into. Nobody really uses the Web o' Trust, it is the fingerprints that
matter.

The Callsign registry is a hack that basically binds fingerprints to a
registered name (callsign) on a first come first served basis. This
provides the ease of use of a human readable name '@alice' with the
simplicity and security of the direct trust model. The callsign registry
can't default because the registry is maintained as an append only log that
periodically cross notarizes with Mesh service providers which in turn
cross notarize with their subscribers. Thus the entire system is meshed
together like a set of gears.
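
The first come, first served binding and the notarized append-only log described in the last paragraph, as an added example that is not part of the original post and is not Mesh code. The SHA-256 hash chain, all class and function names, and the sample callsigns and fingerprints are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value of the hash chain

def entry_hash(prev, callsign, fingerprint):
    """Hash one entry together with the hash of the entry before it."""
    return hashlib.sha256(json.dumps([prev, callsign, fingerprint]).encode()).hexdigest()

class CallsignLog:
    """Hypothetical registry: one fingerprint per callsign, first come first served."""
    def __init__(self):
        self.entries = []  # (callsign, fingerprint, chained hash), append only
        self.bound = {}    # callsign -> fingerprint

    def head(self):
        return self.entries[-1][2] if self.entries else GENESIS

    def register(self, callsign, fingerprint):
        if callsign in self.bound:  # name already taken: refuse, never rebind
            return False
        self.entries.append((callsign, fingerprint, entry_hash(self.head(), callsign, fingerprint)))
        self.bound[callsign] = fingerprint
        return True

def consistent_with(entries, size, notarized_head):
    """Witness check: is the log well formed and does it extend the notarized head?"""
    if size == 0 and notarized_head != GENESIS:
        return False
    prev, seen = GENESIS, set()
    for i, (name, fp, digest) in enumerate(entries, start=1):
        if name in seen or entry_hash(prev, name, fp) != digest:
            return False  # duplicate binding or broken chain
        if i == size and digest != notarized_head:
            return False  # history before the notarized point was rewritten
        seen.add(name)
        prev = digest
    return len(entries) >= size  # a truncated log is also rejected

def demo():
    log = CallsignLog()
    log.register("@alice", "FP-ALICE")             # constructed fingerprint
    note = (len(log.entries), log.head())          # what a witness keeps
    log.register("@bob", "FP-BOB")
    rebind = log.register("@alice", "FP-MALLORY")  # second claim is refused
    honest = consistent_with(log.entries, *note)
    forged = CallsignLog()                         # registry rewriting history
    forged.register("@alice", "FP-MALLORY")
    forged.register("@bob", "FP-BOB")
    return rebind, honest, consistent_with(forged.entries, *note)
```

A witness that stored only the pair `(size, head)` rejects any later log that rebinds, reorders or drops an entry it has already notarized.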